Windows Defender won't start

    Question

  •  I recently recovered from yet another malware attack, this one called itself "windows security center". It was a real pain to isolate it and remove it. It had even planted itself in Safe Boot! I'm pretty confident it is gone, however, I can't get Defender to start. When I open the Defender program, it tells me a problem has caused it to shut down. When I try to start it, I get "Specified service does not exist as an installed service." Error code 0x080070424. I have tried using the Run Cmd to get it to start, as well as using the Fix-it tool. I tried to uninstall it so I could reinstall it, but it's not listed as a program to remove, and when I try to reinstall it, I am notified that it is already current and doesn't need to be installed. I even tried the c:\fix_defender solution. I am running Windows 7 SP1, but was having the problem before I installed SP1. My gut is telling me it's a registry error, but I don't mess around with regedit enough to feel comfortable just playing with it. Any help would be greatly appreciated.
    Saturday, April 09, 2011 3:32 AM

Answers

  • Hi,

     

    You may refer to the following links if there is the McAfee program or Microsoft Security Essentials installed:

     

    Windows Defender and McAfee

     

    Windows Defender and Microsoft Security Essentials

     

    If not, this issue can be caused by one of the following factors:

     

    1. Windows Defender service has been stopped or is missing from the Services list.

    2. The following registry key or its sub key is missing or corrupt:

     

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend

     

    Step 1: Verify the Windows Defender service

    ----------------------------------------------------

    1. Click "Start", in the "Start Search" bar, type: "services.msc" (without quotes) and press Enter. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    2. Double click the service "Windows Defender".

    3. Click on the "General" tab; make sure the "Startup Type" is "Automatic" or "Manual". Then please click the "Start" button under "Service Status" to start the service.

     

    Note: If the Windows Defender service has already started, please temporarily stop the service, restart the computer. If the service is missing or cannot be stopped or restarted, please move on to the following steps to troubleshoot this issue.

     

    Step 2: Restore the Windows Defender Registry Key

    ---------------------------------------------------------------

     

    Before we go any further, please refer to the following links to backup the registry key:

     

    Back up the registry

     

    Then please move on to the steps below to remedy the key.

     

    1. Click "Start", type: "notepad D:\fix.reg" (without the quotes) in the Start Search Bar and press Enter. Choose "Yes" when you are prompted.

    2. Copy the following commands between the two ---------- lines (without the lines) and then paste them into the opened Notepad window.

     

    -------------------------------------------------

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
    "DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
    "ErrorControl"=dword:00000001
    "Group"="COM Infrastructure"
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
    "Start"=dword:00000002
    "Type"=dword:00000020
    "Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-3068"
    "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
    "ObjectName"="LocalSystem"
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
      00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
      65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
      00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
      74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
      00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
      69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
      00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
      6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
      00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
      00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Parameters]
    "ServiceDllUnloadOnStop"=dword:00000001
    "ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
      00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
      20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
      00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
    "Security"=hex:01,00,14,80,04,01,00,00,10,01,00,00,14,00,00,00,30,00,00,00,02,\
      00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,02,00,d4,00,07,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
      05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
      00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
      84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
      00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
      05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
      04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,\
      00,28,00,15,00,00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,\
      e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,\
      00,01,01,00,00,00,00,00,05,12,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Enum]
    "0"="Root\\LEGACY_WINDEFEND\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001

    -----------------------------------------------------

     

    3. After pasting the above commands, please close the Notepad window. Choose "Yes" when you are prompted to save the file. Choose D:\fix.reg as its name.

    4. Click "Start", type: "D:\fix.reg" (without the quotes) in the Start Search Bar and press Enter to run the commands we have pasted.

    5. A dialog box will pop-up saying "Are you sure you want to add the information in C:\fix.reg to the registry?". Click "Yes" on this dialog box

    6. Reboot the machine.

    7. After the machine reboots, please test the issue.

     

    Regards,

     

    Sabrina


    • Marked as answer by Sabrina Shen Friday, April 15, 2011 1:32 AM
    Monday, April 11, 2011 9:09 AM
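
Added example, not part of the original thread: a .reg file that defines a LocalSystem service is worth decoding before it is imported, because the binaries it points at are hidden inside hex(2)/hex(7) values. The sketch below parses an excerpt copied from the answer above and decodes those values to readable text; the function names `parse_reg` and `decode_value` are this example's own, and it tolerates the blank lines that forum pastes insert after a `\` continuation.

```python
import re

# Excerpt of the .reg text from the answer above (values copied from the post).
REG_EXCERPT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Parameters]
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
  00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
'''


def decode_value(raw):
    """Turn the right-hand side of a .reg value into a readable Python object."""
    raw = raw.strip()
    if raw.startswith('"'):                    # REG_SZ: quoted, backslashes doubled
        return raw[1:-1].replace('\\\\', '\\')
    if raw.startswith('dword:'):               # REG_DWORD: eight hex digits
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)', raw, re.S)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    if m.group(1) == '2':                      # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
        return data.decode('utf-16-le').rstrip('\x00')
    if m.group(1) == '7':                      # REG_MULTI_SZ: NUL-separated strings
        return [s for s in data.decode('utf-16-le').split('\x00') if s]
    return data                                # REG_BINARY and others stay as bytes


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for a .reg file's text."""
    # Join "\" continuations, swallowing any blank lines that follow them.
    text = re.sub(r'\\\s*\n\s*', '', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, _, raw = line.partition('"=')
            current[name[1:]] = decode_value(raw)
    return keys


if __name__ == '__main__':
    for key, values in parse_reg(REG_EXCERPT).items():
        print(key)
        for name, value in values.items():
            print(f'    {name} = {value!r}')
```
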
  • On Sat, 9 Apr 2011 03:32:33 +0000, jakelong2112 wrote:

    however, I cant get Defender to start.

    Are you running Microsoft Security Essentials, AVG, Norton, or McAfee?
    If you are running one of those, it has turned off Defender. That's
    good, not bad. Not only is there potential conflict, but there's no
    reason to have both; they all essentially have something very similar
    to Defender built into them, and running both at once will hurt your
    performance and create the risk of problems as they conflict with each
    other.


    Ken Blake, Microsoft MVP
    • Proposed as answer by Sabrina Shen Monday, April 11, 2011 8:50 AM
    • Marked as answer by Sabrina Shen Friday, April 15, 2011 1:32 AM
    Saturday, April 09, 2011 3:52 PM

All replies

  • Hi there thanks for this info as it fixed my problem in windows 7 pro

    Thursday, April 14, 2011 11:48 PM
  • There is no "WinDefend" in my regedit when looking in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    Monday, September 26, 2011 4:38 PM
  • There is no "WinDefend" in my regedit when looking in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\


    I think Sabrina's method might be what you're looking for otherwise look at the last page on this forum link:

    http://www.sevenforums.com/system-security/161188-windows-defender-0x80070424-error-3.html

     

    I don't agree with Blake's assessment of the problem as I have another computer running Win 7, McAfee, AND Defender just fine. Plus, I can see McAfee (or one of the other programs) disabling Defender but not deleting it from the list of services.

    Friday, December 16, 2011 3:38 PM
  • I have messed around with this "problem" for days. This is the only thing I have found that makes sense.
    Thursday, January 05, 2012 9:54 PM
  • Thank you
    Sabrina, your fix worked for me and I am running Vista.

    I backed up the registry and applied the fix, rebooted and the Windows Defender service started after the reboot.

    I have tried many different fixes on many different machines and this saved me from reloading a customer's machine.

    Thanks again.

    Richard

    Thursday, March 15, 2012 7:04 PM
  • Thank you for this post my defender is now working properly!!
    Friday, October 19, 2012 9:46 PM
  • This fix didn't work for me. I have a brand new Western Digital hard drive. My garbage Seagate finally died after 2 1/2 years, typical! This is a fresh install. Windows Update apparently requires Windows Defender as a prerequisite, since Update won't run without Defender. First, group policy prevented Defender from starting, so I went into gpedit and fixed that, but it still won't stay started. I'm trying to figure out if a driver is causing this but I am puzzled. I had to initially do a clean Windows 7 Professional 64-bit install (before the update problems started), since after changing hard drives, my Sony Vaio laptop would let me do a successful restore from backup. Any ideas?
    Sunday, November 04, 2012 6:05 PM
  • This fix didn't work for me. I have a brand new Western Digital hard drive. My garbage Seagate finally died after 2 1/2 years, typical! This is a fresh install. Windows Update apparently requires Windows Defender as a prerequisite, since Update won't run without Defender. First, group policy prevented Defender from starting, so I went into gpedit and fixed that, but it still won't stay started. I'm trying to figure out if a driver is causing this but I am puzzled. I had to initially do a clean Windows 7 Professional 64-bit install (before the update problems started), since after changing hard drives, my Sony Vaio laptop would not let me do a successful restore from backup. Any ideas?
    Sunday, November 04, 2012 6:08 PM
  • I was able to turn Windows Defender back on through the Action Center.
    Thursday, May 30, 2013 12:10 PM
  • I tried everything, including fixing the registry as suggested here, but I could still not run Windows Defender or start or stop the service. The icon of Windows Defender showed no image and I was simply not able to run it. Running MSASCui.exe from C:\Program Files\Windows Defender\MSASCui.exe just raised an error.

    In my case I think the exe itself was genuinely corrupt. I copied a "healthy" MSASCui.exe from another computer where Defender was fine and this solved my problem.

    As soon as I copied the "uncorrupted" MSASCui.exe into C:\Program Files\Windows Defender\ everything worked. I can run Defender, start and stop the service, download definitions without any issues and run several Defender-related Windows updates that were continually failing. These include KB915597, KB2847927, KB2592687, etc.
    Friday, November 29, 2013 8:05 PM